1 files changed, 18 insertions, 2 deletions

diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
index 54e4af50..982805d9 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
@@ -108,6 +108,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
                                      PKCS8_PRIV_KEY_INFO *p8)
 {
     PKCS12_SAFEBAG *bag;
+    const EVP_CIPHER *pbe_ciph;
 
     /* Set up the safe bag */
     if (!(bag = PKCS12_SAFEBAG_new())) {
@@ -116,8 +117,14 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
     }
 
     bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+
+    pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+
+    if (pbe_ciph)
+        pbe_nid = -1;
+
     if (!(bag->value.shkeybag =
-          PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
+          PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
                         p8))) {
         PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
         return NULL;
@@ -166,6 +173,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
 {
     PKCS7 *p7;
     X509_ALGOR *pbe;
+    const EVP_CIPHER *pbe_ciph;
     if (!(p7 = PKCS7_new())) {
         PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
         return NULL;
@@ -175,7 +183,15 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
                   PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
         return NULL;
     }
-    if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
+
+    pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+
+    if (pbe_ciph)
+        pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
+    else
+        pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+
+    if (!pbe) {
         PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
         return NULL;
     }